Bref enables serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed, and each part that contains a file is extracted and saved in `/tmp` with a random filename starting with `bref_upload_`. The flow mimics what plain PHP does, but it does not delete the temporary files when the request has been processed. An attacker could fill the Lambda instance disk by performing multiple MultiPart requests containing files.

Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress. This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4.

An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.